New Flash vulnerability already being exploited

On February 1, Adobe published a security advisory about a critical vulnerability (CVE-2018-4878) in Flash Player 28.0.0.137 and earlier versions. Successful exploitation could allow an attacker to take control of an affected system.

An exploit for CVE-2018-4878 already exists, and is being used in targeted attacks against Windows users. So far, attacks based on this vulnerability have been delivered via Office documents with malicious Flash content as email attachments.

Adobe plans to address this vulnerability next week. Meanwhile, use extreme caution when deciding whether to open email attachments, especially if they appear to be Office documents.

Flash is gradually disappearing from use, but it’s still used enough to make it a tempting target for malicious hackers.

jrivett’s Tweets

New white paper confirms that compromising encryption (to make law enforcement a bit easier) is a very bad idea. AG and FBI officials are really just advertising their own weakness when they complain about this. techdirt.com/article…

Describing his hobby as 'fun' and saying “I never intended for anyone to get shot and killed”, this serial Swatter will hopefully get 10+ years behind bars for his role in a Kansas death-by-SWAT. krebsonsecurity.com/…